Azure subscription management problem

Question

Azure subscription management problem

Eugene Shvydko 20

I have been assigned an Azure subscription owner role to perform Azure Monitor configuration and deployment, under my subscription info i see this:
Error details Code: AuthorizationFailed Message: The client '******@yourcompany.com' with object id 'xxxxx-xxxx-xxxxxxxx-xxxxxxxxx' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/#####-####-#####-####-#######' or the scope is invalid. If access was recently granted, please refresh your credentials. Correlation ID: 46eda7d1-f6f0-faf6-8d48-b7d7441a21d4
The exact same error comes out when i'm trying to refresh credentials with Azure CLI, scope is valid.
Thank you for your help.

Rahul Podila 2,000 Reputation points Microsoft External Staff

2025-02-03T01:46:01.4666667+00:00

Hi @Eugene Shvydko

Just checking in to see if the below answer provided by @Abiola Akinbade helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know
Ashok Gandhi Kotnana 4,390 Reputation points Microsoft External Staff

2025-02-03T16:08:37.5833333+00:00

Hi @Eugene Shvydko ,

We have noticed that you rated an answer as not helpful. We appreciate your feedback and are committed to improving your experience with the Q&A. We are working on finding an alternative solution to address your issue.
Pranay Reddy Madireddy 2,565 Reputation points Microsoft External Staff

2025-02-04T18:26:05.5833333+00:00

Hi Eugene Shvydko
If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" and ''accept answer'' on my post let us know Thank you...!
Ashok Gandhi Kotnana 4,390 Reputation points Microsoft External Staff

2025-02-06T02:11:01.8+00:00

Hi Eugene Shvydko,

I noticed your upvote—thanks for that! I’d really appreciate it if you could accept the answer, as it would help others in the community facing the same issue can refer this link.

Thankyou

Accepted answer

1 additional answer

Your answer

Rahul Podila 2,000 Reputation points Microsoft External Staff

2025-02-03T01:46:01.4666667+00:00

Hi @Eugene Shvydko

Just checking in to see if the below answer provided by @Abiola Akinbade helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know
Ashok Gandhi Kotnana 4,390 Reputation points Microsoft External Staff

2025-02-03T16:08:37.5833333+00:00

Hi @Eugene Shvydko ,

We have noticed that you rated an answer as not helpful. We appreciate your feedback and are committed to improving your experience with the Q&A. We are working on finding an alternative solution to address your issue.
Pranay Reddy Madireddy 2,565 Reputation points Microsoft External Staff

2025-02-04T18:26:05.5833333+00:00

Hi Eugene Shvydko
If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" and ''accept answer'' on my post let us know Thank you...!
Ashok Gandhi Kotnana 4,390 Reputation points Microsoft External Staff

2025-02-06T02:11:01.8+00:00

Hi Eugene Shvydko,

I noticed your upvote—thanks for that! I’d really appreciate it if you could accept the answer, as it would help others in the community facing the same issue can refer this link.

Thankyou

Answer 1

Pranay Reddy Madireddy 2,565 Microsoft External Staff

Hi @Eugene Shvydko

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

User's image

If your access is restricted to certain resource groups, make sure you have the right permissions at the resource group level. Go to "Resource groups," select the group, and check your role assignments

Check that there are no Azure AD policies or restrictions blocking your account from logging in and getting the necessary permissions.

Sometimes, it takes a little time for role assignments to take effect in Azure. If you’ve just been assigned the role, wait a few moments and then try again.

For reference, please review this documentation:-

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits

https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting?tabs=bicep

https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

https://learn.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest

If you have any further queries, do let us know.

If the answer is helpful, please and "Upvote it".

Pranay Reddy Madireddy 2,565 Reputation points Microsoft External Staff

2025-02-05T05:21:48.89+00:00

Hi Eugene Shvydko
If I have answered your question, please accept this as answer as a token of appreciation and don't forget to thumbs up for "Was it helpful"!
Pranay Reddy Madireddy 2,565 Reputation points Microsoft External Staff

2025-02-05T20:32:33.3633333+00:00

Hi @Eugene Shvydko
If I have answered your question, please accept this as answer as a token of appreciation and don't forget to thumbs up for "Was it helpful"!

Answer 2

Hello Eugene Shvydko,

Thanks for your questio

Deny assignments override role-based access. Look for deny policies in Subscription IAM > Deny assignments.

Check your assigned role permissions. It is possible it was assigned from a mgt group rather than subscription scope. If this the case, Create a custom role with explicit Microsoft.Resources/subscriptions/resourceGroups/read permissions and assign it to your account.

To create one, see: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola

Share via

Azure subscription management problem

1 additional answer

Your answer